UK told to expect fraud epidemic in 2023

The UK has been warned that it should be prepared to face “unprecedented levels of fraud” in 2023 after police undertook its biggest ever fraud operation involving tens of thousands of suspected criminals.

Police forces across the world have combined to arrest a gang of criminals which operated an international one stop spoofing shop.

More than 200,000 potential victims in the UK alone have been directly targeted through the fraud website iSpoof.

At one stage, almost 20 people every minute of the day were being contacted by scammers hiding behind false identities using the site.

They posed as representatives of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide and TSB.

Scotland Yard’s Cyber Crime Unit worked with international law enforcement, including authorities in the US and Ukraine, to dismantle the website this week.

This was a crucial phase in a world-wide operation, which has been running out of the public eye since June 2021, targeting a suspected organised crime group.

iSpoof enabled criminals to appear as if they were calling from banks, tax offices and other official bodies as they attempted to defraud victims.

Victims are believed to have lost tens of millions of pounds while those behind the site earned almost £3.2 million in one 20 month period.

Detective superintendent Helen Rance, who leads on cyber-crime for the Met, said: “By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims.

“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.”

The Met’s Cyber and Economic Crime Units co-coordinated the operation with the National Crime Agency, Europol, Eurojust, the Dutch authorities and the FBI.

In the UK, more than 100 people have been arrested, the vast majority on suspicion of fraud.

iSpoof allowed users, who paid for the service in Bitcoin, to disguise their phone number so it appeared they were calling from a trusted source. This process is known as ‘spoofing’.

Criminals attempt to trick people into handing over money or providing sensitive information such as one time pass codes to bank accounts.

The average loss from those who reported being targeted is believed to be £10,000.

In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK.

Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals.

Losses reported to Action Fraud as a result of the calls and texts via iSpoof is around £48 million. Because fraud is vastly underreported, the full amount is believed to be much higher.

The Met’s Cyber Crime Unit began investigating iSpoof in June 2021 under the name of Operation Elaborate. It was created in December 2020 and had 59,000 user accounts.

Investigators infiltrated the site and began gathering information alongside international partners.

The website server contained a treasure trove of information in 70 million rows of data. Bitcoin records were also traced.

Because the pool of 59,000 potential suspects is so large, investigators are focusing first on UK users and those who have spent at least £100 of Bitcoin to use the site.

A wave of UK arrests followed with details of other suspects passed onto law enforcement partners in Holland, Australia, France, and Ireland.

Met commissioner Sir Mark Rowley said: “The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century.

“Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery for thousands.

“By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable victims.”

The new was greeted with concern by experts with one warning that the UK now faced unprecedented levels of fraud in the months to come.

Amber Burridge, Head of Intelligence for fraud prevention service Cifas, said: “Criminals are always looking for ways to exploit consumers, often posing as trusted organisations in order to deceive people into handing over their personal and financial details.

“In the first nine months of this year we’ve seen identity fraud increase by 34% compared to last year, with the UK heading into 2023 facing unprecedented levels of fraud. This operation represents a great step by the Met towards combatting fraud and its enablers, to prevent consumers and businesses paying the price.”